Cyber security in oil and gas: countering the threat in the Middle East

The Middle East is responsible for a significant part of the world’s energy supplies. At the same time, interconnected networks and central control systems are in widespread use throughout the region. It is therefore not surprising that the Middle East is fast becoming a target area for cyber-attack. The need to address, explore and counter future threats is paramount and there is no time for deliberation.

Justin Lowe chaired a panel discussion on ‘Response and continuity’. The panel explored organisations’ need for an effective response capability that helps them detect potential security incidents and mobilise a response to reduce impacts, continue business and restore business as usual. Justin also joined the panel in a session focusing on governance, during which he highlighted four key considerations for industrial control systems:

agreeing what to protect and to what level of protection is needed

roles and responsibilities

policies and standards

risk and compliance monitoring

A key discussion point was the different approaches taken across the energy and utilities sector. He noted that the oil and gas, nuclear, power generation, transmission and distribution, and water industries are all taking slightly different approaches.

Stephen Bailey discussed the ‘human and cultural aspects of cyber security’. Stephen’s theme was that technology alone will never win the cyber war – it’s all about people. He discussed the importance of training and raising staff awareness about the danger of malicious activities. This will help deter, identify and stop a large number of the most damaging cyber-attacks. The key is to get to the right people at the right time with a targeted intervention.

Stephen’s main point was that organisations need to get the security culture right, recognising that it is important to balance controls with trust and empowerment. This ensures that you have a security-focused culture where people are doing the right thing when no one is looking.

Cy Glaister participated in a panel session entitled ‘ICS/SCADA – in-depth review’. Cy’s topic of discussion was 'securing unsupported legacy SCADA/ICS products'. Cy touched on his personal experience of working in the UK nuclear sector and discussed some of the challenges he had faced when implementing cyber technologies.